If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Scanner for them, scanner for us.

Quick hit I hope here.

Our auditing department uses ISS and NESSUS to scan our network. The company supports us using ISS to scan but not NESSUS. So a few things me'ah:

1. Is NESSUS a better scanner overall than ISS or should be used as a 2nd opinion scanner?
2. What about SNORT? Is it comparable to ISS/NESSUS? Is SNORT betta?
3. Is there just a host scanner to have a server scan and report on itself (or just use ISS/NESSUS)?
4. I see that nmap is supposed to be a part of NESSUS as well, has anyone seen big issues with using nmap? Either alone or as part of NESSUS?

Ok, maybe not such a quick hit, but I figure we have some pretty big brains out there...

1) No its not; however, it is also free and it is also very good and usually has new checks before ISS does. If you have a small network, Nessus is more than capable. If you have a large network, ISS is much faster and generally has better reporting features. I recommend using both, nessus has its strengths as does ISS, and most of the time will catch different things that the other may miss. You should pay special attention to the attacks used by nessus however since they are supplied by the public at large.

2) Snort is an IDS product, not a scanner.

3) I don't understand the question.

4) Nmap is an extremely powerful scanner; however, it is a network/port/OS Detection scanner, not a vulnerability scanner. Nessus uses Nmap to indentify live machines and the services running on them (and sometimes OS), whereas ISS has their own engine.

They are both good, if you can afford ISS, then keep it and run both. If money is tight, nessus is a good product.

/nebulus

There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

I think I might understand Question 3, correct me if I'm wrong. But are you trying to ask if there is a server side app that you can use that will run a scan on itself and make logs and such and report back if there are any "problems". IE any holes or whatnot in the structure?

[shadow]There is no right and wrong, only fun and boring...Formatting my server because someone hacked into it sounds pretty boring to me...
That\'s why it\'s all about AntiOnline.com![/shadow]

I think I might understand Question 3, correct me if I'm wrong. But are you trying to ask if there is a server side app that you can use that will run a scan on itself and make logs and such and report back if there are any "problems". IE any holes or whatnot in the structure?

Correct. Sorry about the phrasing. And I was misinformed on Snort, thanks for the correction. Thanks for the comments so far - good advice!